-
Notifications
You must be signed in to change notification settings - Fork 174
Pass --header
enrollment option to fleet-server
#8071
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
This pull request does not have a backport label. Could you fix it @blakerouse? 🙏
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
|
changelog/fragments/1746213492-Add-header-to-enrollment-communication-with-Fleet-Server.yaml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good to me. Once the ci is green and Craig's comments are addressed I can approve
|
💚 Build Succeeded
History
cc @blakerouse |
@cmacknz @kaanyalti Can I get another review of the PR? I know its been sitting a while, I just wanted to bring it back to your attention. |
* Work on adding HTTP header support to enroll. * Pass enroll headers to fleet. * Update --header command-line description. * Add changelog entry. * Fix typo. * Satisfy lint. * Add missing headers to container entry. * Update changelog. * Redact anything with auth in the key. * Add header test for checkin. * Fix imports. (cherry picked from commit 5e45823)
* Work on adding HTTP header support to enroll. * Pass enroll headers to fleet. * Update --header command-line description. * Add changelog entry. * Fix typo. * Satisfy lint. * Add missing headers to container entry. * Update changelog. * Redact anything with auth in the key. * Add header test for checkin. * Fix imports. (cherry picked from commit 5e45823)
…ng-oblt-cli * upstream: (37 commits) [AutoOps] Add `autoops-es.yml` to Packages (elastic#8728) EDOT collector: include the forward connector. (elastic#8753) Revert "ci: pin elastic-agent version (elastic#8736)" (elastic#8754) bk: retry Start ESS stack for integration tests (elastic#8553) Re-enable TestStandaloneUpgradeRollbackOnRestarts on windows (elastic#8718) removed reviewers from dependabot.yml (elastic#8709) Pass `--header` enrollment option to fleet-server (elastic#8071) Add ability for local output configuration to add to policy configuration (elastic#8766) Bump up github.com/go-viper/mapstructure/v2 dependency (elastic#8764) [Synthetics] Upgrade node to latest lts v20 (elastic#8712) [CI] BK Vault plugin for EC access (elastic#8377) feat: singleTest mage target for each integration test package (elastic#8691) ci: always include 8.19 LTS release branch in snapshots of test versions (elastic#8761) build(deps): bump github.com/elastic/mito from 1.19.0 to 1.20.0 (elastic#8755) chore: fix elastic-agent helm chart examples (elastic#8765) feat: support onboarding-id for kubernetes (elastic#8692) [main][Automation] Bump VM Image version to 1751072471 (elastic#8734) ci: revert deployment_csp_configuration.yaml to create_deployment_csp_configuration.yaml (elastic#8746) kustomize: pin kube-state-metrics version (elastic#8739) ci: pin elastic-agent version (elastic#8736) ...
* upstream: (39 commits) Fix otel extension status reporting (#8696) Refactor user change on service (#8347) [AutoOps] Add `autoops-es.yml` to Packages (#8728) EDOT collector: include the forward connector. (#8753) Revert "ci: pin elastic-agent version (#8736)" (#8754) bk: retry Start ESS stack for integration tests (#8553) Re-enable TestStandaloneUpgradeRollbackOnRestarts on windows (#8718) removed reviewers from dependabot.yml (#8709) Pass `--header` enrollment option to fleet-server (#8071) Add ability for local output configuration to add to policy configuration (#8766) Bump up github.com/go-viper/mapstructure/v2 dependency (#8764) [Synthetics] Upgrade node to latest lts v20 (#8712) [CI] BK Vault plugin for EC access (#8377) feat: singleTest mage target for each integration test package (#8691) ci: always include 8.19 LTS release branch in snapshots of test versions (#8761) build(deps): bump github.com/elastic/mito from 1.19.0 to 1.20.0 (#8755) chore: fix elastic-agent helm chart examples (#8765) feat: support onboarding-id for kubernetes (#8692) [main][Automation] Bump VM Image version to 1751072471 (#8734) ci: revert deployment_csp_configuration.yaml to create_deployment_csp_configuration.yaml (#8746) ...
What does this PR do?
Currently the
--header
enrollment flag is used when bootstrapping Fleet Server. Those headers should also be used when communicating with Fleet Server that is not being bootstrapped.Why is it important?
When enrolling to a Fleet Server that is behind a proxy that requires specific headers for communication it is not possible to enroll the Elastic Agent into the Fleet Server.
Checklist
[ ] I have made corresponding change to the default configuration files./changelog/fragments
using the changelog tool[ ] I have added an integration test or an E2E test(covered well in unit tests)Disruptive User Impact
None
How to test this PR locally
Setup a Fleet Server behind a proxy that requires a specific header for traffic to flow. Then enroll the elastic-agent with the required header:
./elastic-agent enroll --url http://proxy-url --enrollment-token ${token} --header X-Custom-Header=TEST
Related issues